Did you know that the FBI Email System was Hacked to Send Out Fake Warnings?

The FBI’s email system was hacked in 2021, allowing hackers to send out fraudulent warnings. The breach was possible because of a flaw in the FBI’s website, which let the hackers send messages from a legitimate FBI email address.

The hackers sent thousands of phony messages, claiming that the recipients had fallen victim to a “sophisticated chain attack.” These emails were initially discovered by The Spamhaus Project, a nonprofit organization that investigates email spammers.

The fraudulent emails falsely attributed the attacks to Vinny Troia and claimed that he was associated with the notorious hacking group, The Dark Overlord, which was responsible for leaking the fifth season of “Orange Is the New Black.” In reality, Vinny Troia is a well-known cybersecurity researcher who operates two dark web security firms, NightLion and Shadowbyte.

The FBI Email System Hacked to Send Out Fake Warnings

According to Bleeping Computer, the hackers were able to send emails to more than 100,000 addresses, all of which were obtained from the American Registry for Internet Numbers (ARIN) database.

Bloomberg’s report indicates that the hackers used the FBI’s public-facing email system, which made the emails appear even more legitimate.

Cybersecurity researcher Kevin Beaumont verified the emails’ legitimate appearance, noting that the headers were authenticated as originating from FBI servers using the DomainKeys Identified Mail (DKIM) process, which is part of the system Gmail uses to display verified corporate email logos.

In response to the incident, the FBI issued a press release, acknowledging that it’s an “ongoing situation” and that the affected hardware has been taken offline. However, the FBI stated that it currently has no additional information to share regarding the incident.

Spam Campaign Carried Out to Defame Troia

According to Bleeping Computer, it’s believed that the spam campaign was orchestrated as an attempt to tarnish Vinny Troia’s reputation. Troia himself has speculated in a tweet that a person using the pseudonym “Pompompurin” may have been behind the attack.

Bleeping Computer also points out that this same person has allegedly attempted to damage Troia’s reputation in similar ways in the past.

Pompompurin Connected to the Incident

A report by computer security journalist Brian Krebs links Pompompurin to the incident. This person allegedly messaged Krebs from an FBI email address when the attacks were launched, stating, “Hi, it’s pompompurin. Check headers of this email; it’s actually coming from the FBI server.”

KrebsOnSecurity had the opportunity to communicate with Pompompurin, who stated that the hack was intended to highlight security vulnerabilities within the FBI’s email systems.

Pompompurin remarked, “I could’ve used this 1000 percent to send more legitimate-looking emails, trick companies into handing over data, etc.,” in a statement to KrebsOnSecurity.

The person further explained to the outlet that they exploited a security gap in the FBI’s Law Enforcement Enterprise Portal (LEEP), where they signed up for an account using a one-time password embedded in the page’s HTML. From there, Pompompurin claims to have manipulated the sender’s address and email body, enabling them to carry out the massive spam campaign.
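The two weaknesses described above (a one-time password exposed in the page’s HTML, and a sender address and body the client could alter) both come from trusting the browser with server-side decisions. The following sketch is an added example, not code from the FBI portal or from the original article: it shows a confirmation flow in which the code is stored only as a hash on the server and the message is built from server-side constants. The names `start_signup`, `confirm`, `FIXED_SENDER` and the `portal.example` address are hypothetical.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical values for this sketch; none come from the FBI portal.
FIXED_SENDER = "no-reply@portal.example"
FIXED_SUBJECT = "Confirm your account"
_pending = {}  # recipient -> SHA-256 of the one-time code, kept server-side


def start_signup(form: dict):
    """Return (html_for_browser, email_to_send); only form['email'] is read."""
    raw = form.get("email", "")
    addr = parseaddr(raw)[1]
    if "\r" in raw or "\n" in raw or "@" not in addr or addr != raw.strip():
        raise ValueError("invalid recipient address")

    code = f"{secrets.randbelow(10**6):06d}"
    _pending[addr] = hashlib.sha256(code.encode()).hexdigest()

    msg = EmailMessage()
    msg["From"] = FIXED_SENDER      # server constant, never a request field
    msg["To"] = addr
    msg["Subject"] = FIXED_SUBJECT  # server constant, never a request field
    msg.set_content(f"Your one-time code is {code}. It works once.")

    # The page sent to the browser carries an empty input and no code.
    html = "<form method='post' action='/confirm'><input name='code'></form>"
    return html, msg


def confirm(addr: str, submitted: str) -> bool:
    """Check a submitted code; the stored entry is consumed on any attempt."""
    expected = _pending.pop(addr, None)
    if expected is None:
        return False
    got = hashlib.sha256(submitted.encode()).hexdigest()
    return hmac.compare_digest(expected, got)
```

Extra form fields such as a sender, subject or body are simply ignored, so a tampered request still produces the fixed template from the fixed sender.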

Biden Mandates a Bug Fix

Given the level of access Pompompurin claimed to have had, the attack could have been much more damaging than just a false alert that raised concerns among system administrators. Earlier this month, President Joe Biden issued a mandate requiring civilian federal agencies to promptly patch any known security vulnerabilities.

In May, Biden signed an executive order aimed at enhancing the country’s cybersecurity defenses, particularly in response to significant cyberattacks like those on the Colonial Pipeline and SolarWinds. These measures reflect the government’s commitment to strengthening cybersecurity in the face of increasing threats.

Who is Pompompurin in Cybersecurity Space?

Conor Brian Fitzpatrick, also known as Pompompurin and the owner of the BreachForums (also known as Breached) hacking forum, has pleaded guilty to hacking and child pornography possession charges. This legal development signifies his admission of guilt in relation to these charges.

Conor Brian Fitzpatrick, who went by the online alias Pompompurin, is notable for his involvement in the cybercriminal underground. He was the owner and operator of BreachForums, a hacking forum that gained notoriety for hosting discussions and sharing information related to cyberattacks, data breaches, and various illegal activities in the digital realm. The forum was a gathering place for hackers, cybercriminals, and those interested in illegal activities online.

Fitzpatrick’s activities on the BreachForums included not only facilitating discussions but also reportedly engaging in hacking and cybercriminal endeavors himself. These activities led to his involvement in various cybercrimes and ultimately led to his legal troubles.

In addition to hacking-related charges, Fitzpatrick also faced child pornography possession charges. Child pornography is a serious criminal offense involving the possession, distribution, or production of explicit images or videos featuring minors, and it carries severe legal consequences.

His guilty plea signifies his acknowledgment of the charges against him and the potential legal consequences he faces as a result of his actions. This is a significant development in the legal case against him. It also highlights the complex nature of cybercrime cases, which often involve multiple charges and legal jurisdictions. Finally, when the FBI email system was hacked, he denied any involvement. See the FBI’s advice to keep you safe.